Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/jIloPrfxJcgyny1NM07pKeFVbWQ.roa
File:                     jIloPrfxJcgyny1NM07pKeFVbWQ.roa (raw, json)
Hash identifier:          XTmwDeeL/aTTb7wzUaHctoEAhoAugHb8j8uKdagGibQ=
Subject key identifier:   8C:89:68:3E:B7:F1:25:C8:32:9F:2D:4D:33:4E:E9:29:E1:55:6D:64
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       01998717B939756A8180ABA11D810D7522C4
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/jIloPrfxJcgyny1NM07pKeFVbWQ.roa
Signing time:             Fri 26 Sep 2025 17:35:02 +0000
ROA not before:           Fri 26 Sep 2025 17:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213887
IP address blocks:        213.176.76.0/24 maxlen: 24
                          213.176.77.0/24 maxlen: 24
                          213.176.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:87:17:b9:39:75:6a:81:80:ab:a1:1d:81:0d:75:22:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Sep 26 17:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c89683eb7f125c8329f2d4d334ee929e1556d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f4:e3:58:7c:9b:f8:06:6e:2c:46:cd:8a:a0:
                    c6:98:53:dd:7a:5b:fd:cc:32:a4:c0:7b:f4:f8:eb:
                    3e:35:47:ea:91:93:6b:d3:14:5a:eb:fc:ae:d0:ce:
                    2f:a8:37:e5:49:07:ae:e7:6c:ab:08:74:fa:a0:22:
                    c9:b7:ed:c5:39:4a:7b:67:d2:f4:38:42:32:48:b0:
                    ec:8f:c0:39:91:bc:77:c8:b2:56:18:ac:b4:12:88:
                    2b:27:3e:5b:44:2c:b9:2a:0c:73:13:47:f6:b4:25:
                    7d:a6:df:39:e4:17:46:0a:08:83:99:8b:87:d0:07:
                    f8:06:c3:25:7e:ff:dd:7a:f8:06:1e:57:2d:a9:58:
                    05:c4:1d:f5:e4:c0:7b:cd:52:27:4f:f7:a0:ab:07:
                    19:66:1e:82:bf:8c:34:24:1f:d9:3b:13:ba:c9:85:
                    f4:bc:c3:c8:c6:5a:58:7e:c2:e3:58:d7:6e:2f:b7:
                    1c:22:b7:5c:ab:1c:95:21:f1:b0:66:e5:68:18:a6:
                    4d:5b:a7:fe:f0:c4:94:33:9b:5b:d9:db:80:aa:ab:
                    97:31:ad:19:1b:ea:99:89:20:6c:8c:b4:ea:9a:20:
                    58:db:20:2a:b1:1e:b9:f0:59:f3:31:3d:d8:0a:1a:
                    82:1e:6e:41:2f:56:85:44:02:b8:da:80:49:ad:fb:
                    32:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:89:68:3E:B7:F1:25:C8:32:9F:2D:4D:33:4E:E9:29:E1:55:6D:64
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/jIloPrfxJcgyny1NM07pKeFVbWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:37:b3:61:4d:f2:ce:08:a5:4b:89:39:48:a0:ed:37:36:2a:
         12:f6:88:26:0b:a1:f1:b8:f9:3c:91:42:f8:d0:fb:c7:f3:fd:
         b0:47:b8:ce:5d:e8:82:18:8c:73:50:0b:0a:bb:9e:4f:6f:8c:
         2d:42:5e:5b:93:7b:47:46:a4:dd:d7:40:4f:29:c0:0b:41:0d:
         84:9d:9a:25:75:19:b8:0d:c2:5c:af:16:13:91:df:ea:aa:9c:
         74:84:6b:ea:d6:9a:02:b6:9b:34:ed:9d:b5:63:eb:2b:12:9a:
         a5:c8:08:36:71:57:f2:43:87:c7:88:ee:cb:76:03:99:53:3d:
         9c:2c:1e:79:ab:2d:be:cd:8e:f8:1b:24:15:8c:31:26:04:c6:
         dd:8d:2c:36:4e:95:0b:62:3c:aa:90:33:66:47:ef:c6:d4:33:
         a5:38:50:ef:5c:9f:87:31:8b:35:f5:b4:25:1b:0f:20:c2:f5:
         69:96:a6:56:4f:88:73:8a:04:9c:2d:0b:67:74:8a:77:c4:df:
         3c:9b:89:a2:e0:23:00:d0:f4:71:cd:60:3b:02:8a:41:28:44:
         60:b8:7f:f4:e5:07:f1:ef:61:6f:77:b0:09:90:6e:7b:97:79:
         19:a5:68:15:3c:bc:b7:6b:c2:d9:7b:f8:1e:f7:ef:1e:46:b1:
         2a:b3:6c:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmHF7k5dWqBgKuhHYENdSLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjUwOTI2MTczNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yzg5NjgzZWI3ZjEyNWM4MzI5ZjJkNGQzMzRlZTkyOWUxNTU2ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvTjWHyb+AZuLEbNiqDGmFPdelv9
zDKkwHv0+Os+NUfqkZNr0xRa6/yu0M4vqDflSQeu52yrCHT6oCLJt+3FOUp7Z9L0
OEIySLDsj8A5kbx3yLJWGKy0EogrJz5bRCy5KgxzE0f2tCV9pt855BdGCgiDmYuH
0Af4BsMlfv/devgGHlctqVgFxB315MB7zVInT/egqwcZZh6Cv4w0JB/ZOxO6yYX0
vMPIxlpYfsLjWNduL7ccIrdcqxyVIfGwZuVoGKZNW6f+8MSUM5tb2duAqquXMa0Z
G+qZiSBsjLTqmiBY2yAqsR658FnzMT3YChqCHm5BL1aFRAK42oBJrfsyQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIyJaD638SXIMp8tTTNO6SnhVW1kMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvaklsb1ByZnhKY2d5bnkxTk0wN3BLZUZWYldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1bBMMA0G
CSqGSIb3DQEBCwUAA4IBAQAKN7NhTfLOCKVLiTlIoO03NioS9ogmC6HxuPk8kUL4
0PvH8/2wR7jOXeiCGIxzUAsKu55Pb4wtQl5bk3tHRqTd10BPKcALQQ2EnZoldRm4
DcJcrxYTkd/qqpx0hGvq1poCtps07Z21Y+srEpqlyAg2cVfyQ4fHiO7LdgOZUz2c
LB55qy2+zY74GyQVjDEmBMbdjSw2TpULYjyqkDNmR+/G1DOlOFDvXJ+HMYs19bQl
Gw8gwvVplqZWT4hzigScLQtndIp3xN88m4mi4CMA0PRxzWA7AopBKERguH/05Qfx
72Fvd7AJkG57l3kZpWgVPLy3a8LZe/ge9+8eRrEqs2ze
-----END CERTIFICATE-----